Dear AAVSO Community,
Approximately two days ago, the AAVSO experienced a DDOS attack on our main website (www.aavso.org). Although we were able to mitigate this issue for a few days, the attacker has changed tactics and the website is presently timing out, giving 504 errors.
I appreciate your patience as we attempt to resolve this issue.
Brian
Greetings,
We’ve mitigated the attack to the greatest extent that we can. All services are running normally. We will likely make some large-scale infrastructure changes over the next week to reduce the likelihood of this happening again.
Brian
Simbad does not respond.
Hi Brian,
You may already know this, but Bob Denny’s (creator and vendor of the Astronomical Control Program suite) site at DC-3 Dreams also has experienced a recent DDOS attack. Seems odd to me that two astronomy-related sites get attacked at about the same time, especially, since as Bob mentioned “we don’t know what they want.” Bob finally adopted a whitelist approach that allows logins from approved IP addresses. That’s probably not practical for AAVSO, and whatever steps you are taking seem to be working.
George
Just a general observation: The AI’s and Human Bad Actors (I’m gonna coin the contraction HBA here–yes I am first to use HBA!) are attacking all databases it seems. If you stuff is in the cloud and you think it is safe… good luck on that. Why DDOS? DDOS could simply be an anarchist, or someone who isn’t happy with the things as they are, doesn’t want to join, or pay to play. Here is one of many articles on the web that try to explain behaviors behind it. Reason 1 and 3 in the article are the most likely in play, IMO.
Jim (DEY)